Methods and systems to achieve multi-tenancy in rdma over converged ethernet

ABSTRACT

A method for providing multi-tenancy support for RDMA in a system that includes a plurality of physical hosts. Each each physical host hosts a set of data compute nodes (DCNs). The method, at an RDMA protocol stack of the first host, receives a packet that includes a request from a first DCN hosted on a first host for RDMA data transfer from a second DCN hosted on a second host. The method sends a set of parameters of an overlay network that are associated with the first DCN to an RDMA physical network interface controller of the first host. The set of parameters are used by the RDMA physical NIC to encapsulate the packet with an RDMA data transfer header and an overlay network header by using the set of parameters of the overlay network to transfer the encapsulated packet to the second physical host using the overlay network.

CLAIM OF BENEFIT TO PRIOR APPLICATIONS

This application claims the benefit of U.S. Provisional PatentApplication 62/097,505, filed Dec. 29, 2014. U.S. Provisional PatentApplication 62/097,505 is incorporated herein by reference.

BACKGROUND

Remote Direct Memory Access (RDMA) provides read and write servicedirectly between two applications and enables data transfers directly toapplication buffers without intermediate data copies. RDMA enablesmemory data transfers to bypass operating systems and kernels.

There are currently several protocols to transfer RDMA packets overnetworks. Examples of RDMA transfer protocols are RDMA over ConvergedEthernet (RoCE) and Internet Wide Area RDMA Protocol (iWARP). RoCE is anOpen Systems Interconnection (OSI) model Layer 2 network technology toachieve direct data transfers between two hosts on the same Ethernetnetwork by bypassing the CPU or Kernel.

Currently RoCE Version 1 does not support Internet Protocol (IP) levelrouting and is not available in a multi-tenant domain. RoCE Version 2does support IP level routing but is not available in a multi-tenantdomain. There are currently no mechanisms to use RDMA data transferprotocols such as RoCE or iWARP using an overlay network that supportsmulti-tenancy in a Software Defined Data Center.

Today, the encapsulation of an overlay network L2 frame originating froma VM is handled in software. This involves significant work on the partof the overlay network software to maintain and lookup overlay networkaddress mapping tables, and to encapsulate a transmit packet with anouter header that includes relevant overlay network, UDP, IP andEthernet information before it is sent out on the wire. Similarly thereverse process of decapsulation of the outer header for a receivedpacket is also the responsibility of the software. Each mapping tablelookup and encapsulation/decapsulation of packet in software incurssignificant CPU cost and affects performance.

BRIEF SUMMARY

Some embodiments provide a method for enabling RDMA transfers via anRDMA data transfer protocol (such as RoCE), which is an L2 technology,in a multi-tenant cloud computing environment over virtual L3 networks.This enables harnessing the power of RDMA technology and achieving thegoal of seamless connection between multiple physical and virtualnetworks, using the Software Defined Network (SDN) approach.

An overlay network is a network virtualization technology that achievesmulti-tenancy in cloud computing environment. Some embodiments utilizean overlay network to provide L3 routability and enable RDMA transfersin a multi-tenant environment. These embodiments enable RDMA datatransfer over an overlay network by encapsulating RDMA data transferprotocol (such as RoCE or iWARP) packets with overlay network routingheader.

The overlay network software is responsible for maintaining an overlaynetwork mapping table to include VM media access control (MAC) addressto the tunnel end point IP and other address mappings. Some of theseembodiments also program the overlay network interface controller (NIC)with the overlay network address mapping information specific to eachRDMA connection in order to offload the encapsulation of RDMA packetswith overlay network headers to hardware.

The preceding Summary is intended to serve as a brief introduction tosome embodiments of the invention. It is not meant to be an introductionor overview of all inventive subject matter disclosed in this document.The Detailed Description that follows and the Drawings that are referredto in the Detailed Description will further describe the embodimentsdescribed in the Summary as well as other embodiments. Accordingly, tounderstand all the embodiments described by this document, a full reviewof the Summary, Detailed Description and the Drawings is needed.Moreover, the claimed subject matters are not to be limited by theillustrative details in the Summary, Detailed Description and theDrawing.

BRIEF DESCRIPTION OF THE DRAWINGS

The novel features of the invention are set forth in the appendedclaims. However, for purposes of explanation, several embodiments of theinvention are set forth in the following figures.

FIG. 1 conceptually illustrates a portion of a virtual infrastructure ofsome embodiments of the invention that enables RDMA between two virtualmachines of the same tenant located on two different hosts.

FIG. 2 is a simplified diagram that shows a selected number of fieldsfor RoCE version 1 protocol.

FIG. 3 is a simplified diagram that shows a selected number of fieldsfor RoCE version 2 protocol.

FIG. 4 conceptually illustrates a process initiated by a requesting VMto perform RDMA address resolution in some embodiments of the invention.

FIG. 5 conceptually illustrates the overlay network information tupleobtained by the RDMA stack from an overlay network address mappingtables in some embodiments of the invention.

FIG. 6 conceptually illustrates a process initiated by a requesting VMto perform RDMA request an RDMA connection in some embodiments of theinvention.

FIG. 7 is a simplified diagram that shows a selected number of fieldsfor encapsulating RDMA protocol packets in an overlay network header insome embodiments of the invention.

FIG. 8 conceptually illustrates a process performed when a destinationRDMA NIC receives an RDMA connect request in some embodiments of theinvention.

FIG. 9 conceptually illustrates a process performed to send theacceptance or rejection of an RDMA connection request from a destinationVM to a requesting VM in some embodiments of the invention.

FIG. 10 conceptually illustrates a process performed when the acceptanceor rejection of an RDMA connection request from a destination VM isreceived at a requesting VM in some embodiments of the invention.

FIG. 11 conceptually illustrates a process performed when a queue pairis created by the VM that has requested the establishment of the RDMAconnection in some embodiments of the invention.

FIG. 12 conceptually illustrates a process performed when a queue pairis created by the destination VM in some embodiments of the invention.

FIG. 13 conceptually illustrates a process performed for requesting datatransfer using RDMA in some embodiments of the invention.

FIG. 14 conceptually illustrates a process performed to use RDMA towrite data into memory of a destination VM in some embodiments of theinvention.

FIG. 15 conceptually illustrates a process performed to use RDMA to readdata from memory of a destination VM in some embodiments of theinvention.

FIG. 16 conceptually illustrates a process performed to receive therequested RDMA data from a destination VM at a requesting VM in someembodiments of the invention.

FIG. 17 conceptually illustrates an electronic system with which someembodiments of the invention are implemented.

DETAILED DESCRIPTION

In the following detailed description of the invention, numerousdetails, examples, and embodiments of the invention are set forth anddescribed. However, it will be clear and apparent to one skilled in theart that the invention is not limited to the embodiments set forth andthat the invention may be practiced without some of the specific detailsand examples discussed.

Virtualization is the ability to simulate a hardware platform, such as aserver, storage device or network resource, in software. A virtualmachine (VM) is a software implementation of a machine such as acomputer. Virtual networks are abstractions of a physical network. VMsmay communicate using virtual networks. One such virtual network is anoverlay network, which is a Layer 2 overlay scheme over a Layer 3network. An overlay network is a network virtualization technology thatachieves multi-tenancy in cloud computing environment. Examples ofoverlay networks include Virtual eXtensible LAN (VXLAN), Generic NetworkVirtualization Encapsulation (GENEVE), and Network Virtualization usingGeneric Routing Encapsulation (NVGRE). For instance, VXLAN is an L2overlay scheme over a Layer 3 (L3) network. VXLAN encapsulates anEthernet L2 frame in IP (MAC-in-UDP encapsulation) and allows VMs to bea part of virtualized L2 subnets operating in separate physical L3networks. Similarly, NVGRE uses Generic Routing Encapsulation (GRE) totunnel L2 packets over L3 networks.

Overlay networks such as VXLAN and GENEVE are the preferred networkvirtualization technology to achieve multi-tenancy in a cloud computingenvironment. An overlay network is an L2 overlay scheme over an L3network. Overlay network implementation involves encapsulation oftraffic with relevant overlay network outer User Datagram Protocol (UDP)headers that enables routing of the L2 traffic in a virtual network.

Some embodiments enable RDMA data transfer over an overlay network byencapsulating an RDMA data transfer protocol (such as RoCE) packets withoverlay network routing header. A host that participates in overlaynetwork includes an overlay network virtualization software that coversthe configuration/control plane, data plane and overlay network packetprocessing functionality. The host acts as a tunnel end point. For aVXLAN overlay network, the tunnel end point is known as Virtual TunnelEndpoint (VTEP).

The RDMA NIC is programmed with the overlay network address mappinginformation that is specific to each RDMA connection in order to provideL3 routability and multi-tenancy capabilities. In addition, someembodiments offload the encapsulation of RoCE packets with overlaynetwork headers to the NIC hardware. This requires making changes to thecurrent control plane and data plane of the current RDMA softwareimplementation.

FIG. 1 conceptually illustrates a portion of a virtual infrastructure ofsome embodiments of the invention that enables RDMA between two virtualmachines of the same tenant located on two different hosts. As shown,several VMs 105-110 are hosted on several physical host machines130-132.

The virtualized infrastructure in some embodiments is managed by asingle cloud management system. The term cloud service refers toservices (such as computing, storage, etc.) provided in a distributedmanner over a network. The virtualized infrastructure includes a set ofhost machines 120-132 hosting multiple tenants. Each tenant has one ormore VMs. For simplicity, FIG. 1 only shows VMs—105-110 for one tenant(i.e., Tenant 1).

Each host 120-132 includes host virtualization software 115 (sometimesreferred to as a hypervisor). The host virtualization software 115 shownin this figure are representative of the various types of virtualizationsoftware (e.g., virtual machine monitor, etc.) that may operate on hostsin such a virtualized infrastructure.

In the virtualization field, some refer to software switches as virtualswitches as these are software elements. However, in this specification,the software forwarding elements are referred to as physical forwardingelements (PFEs), in order to distinguish them from logical forwardingelements (LFEs), which are logical constructs that are not tied to thephysical world. In other words, the software forwarding elements arereferred to as PFEs because they exist and operate in the physicalworld, whereas LFEs are a logical representation of a forwarding elementthat is presented to a user when designing a logical network. In someembodiments, several PFEs are distributed throughout the networkimplement tenant's LFEs, where each PFE is a local instantiation of anLFE that operate across different host machines and can perform L3packet forwarding between VMs on the host machine or on different hostmachines. An LFE is sometimes referred to as a virtual distributedswitch (VDS).

In each host 130-132, the LFE 120 connects to a physical networkinterface card (PNIC) to send outgoing packets and to receive incomingpackets. The PNICs 185-187 in FIG. 1 are RDMA capable NICs. In someembodiments, an LFE is defined to include a set of ports 140 throughwhich it connects to the PNIC through the uplink 170 to send and receivepackets.

An uplink 170 is a module that relays packets between the LFE 120 andthe RDMA capable NIC 185 (or 187) in order to perform various packetprocessing functions on incoming and outgoing traffic. The RDMA capableNIC 185-187 is a PNIC, also referred to as converged network adapter(CNA), that is programmed to perform Ethernet packet transfers as wellas RDMA packet transfers. Each port on a RDMA capable NIC is capable ofcarrying both Ethernet traffic and RDMA traffic. The RDMA capable NIC insome embodiments registers two logical devices with the hostvirtualization software 115, one logical device to handle uplink trafficand one logical device to handle RDMA traffic. Each LFE is also definedto have several virtual ports 145-148 to connect to tenant VMs 105-110through a virtual NIC (VNIC). As described below, the RDMA guest device(or RDMA paravirtualized device) 160-162 provides VNIC functionality aswell as interfacing with the RDMA stack 175.

The VNIC functionality in a VM is responsible for exchanging packetsbetween the VM and the network virtualization layer of the hostvirtualization software 115 through an associated VNIC emulator (notshown). Each VNIC emulator interacts with VNIC drivers in the VMs tosend and receive data to and from the VMs. In some embodiments, thevirtual NICs are software abstractions of physical NICs implemented byvirtual NIC emulators. For instance, the code for requesting andobtaining a connection ID resides in components of VNIC emulators insome embodiments. In other words, the VNIC state is implemented andmaintained by each VNIC emulator in some embodiments. Virtual devicessuch as VNICs are software abstractions that are convenient to discussas though part of VMs, but are actually implemented by virtualizationsoftware using emulators. The state of each VM, however, includes thestate of its virtual devices, which is controlled and maintained by theunderlying virtualization software.

The VMs 105-110 of a tenant form a logical network (also referred to asprivate network or virtual network), which is conceptually shown by adashed line 152. The logical network is an abstraction of a physicalnetwork and may provide a virtual Layer 2 (or data link layer) forservices such as encapsulation and decapsulation of network layer datapackets into frames, frame synchronization, medial access control, etc.The logical network may span one or more physical networks and beorganized independent of the underlying physical topology andorganization of the physical networks. Each logical network isconfigured by a tenant.

A host that participates in overlay network includes overlay networkvirtualization software that covers the configuration/control plane,data plane and overlay network packet processing functionality. The hostincludes (e.g., as a part of the LFE software) the overlay networkvirtualization software 150 that acts as a tunnel end point. In theexample of VXLAN overlay network, the overlay network virtualizationsoftware is referred to as VXLAN Virtual Tunnel Endpoint (VTEP) softwareand the tunnel end point is known as VTEP. There is a unique identifierassociated with each instance of an overlay network. The overlay networksoftware 150 is responsible for maintaining a mapping table to include,e.g., VM MAC to tunnel end point address and other address mappings. Theoverlay network traffic between a tenant's VMs 105-110 that are hostedon separate hosts 130-132 is passed through a tunnel 125 through thecommunication network 127. The communication network 127 may include theInternet, local area networks (LANs), wide area networks (WANs),different hardware equipment such as cables, routers, switches, etc.

The VMs 105 and 110 in FIG. 1 belong to the same tenant but are hostedby two different hosts 130 and 132, respectively. In the example of FIG.1, the two VMs are on two different subnets and have two different IPaddresses. VMs 105 and 110 are capable of transferring data using RDMA.Each tenant includes a virtual RDMA device (RDMA guest device) 160-162.Each host virtualization software 115 includes a RDMA guest devicebackend 190, an RDMA stack or (RDMA protocol stack) 175 and an RDMA NICdriver 180. In some embodiments, the RDMA stack is OpenFabricsEnterprise Distribution (OFED™) open source software used to provideRDMA capability in the host.

RDMA guest device 160-162 is a paravirtualized device.Paravirtualization refers to a technique in which the guest operatingsystem (OS), which is used by a VM, is modified to replacenon-virtualizable instructions with hypercalls that communicate directlywith the virtualization software of the host. The virtualizationsoftware also provides hypercall interfaces to communicate withparavirtualized devices in VMs. The RDMA guest device 160-162 in someembodiments utilizes library calls (e.g., “verbs” library calls) toestablish an RDMA connection. These library calls provide semanticdescription of a required behavior (e.g., are used to provide theinformation required for establishing an RDMA connection). The calls areused to manage control path objects by creating and destroying objectssuch as send and receive work queue pairs, completion queues, and memoryregions. These application programming interface (API) calls are alsoused to manage the data path by requesting work processing such asposting sends and receives and requesting for completion event.

The RDMA guest device backend 190 translates library calls from the RDMAguest device in the guest (i.e., VMs 105-100) to RDMA stack 175 calls.The guest physical address space (or the guest virtual address space) ismapped (or translated) to the physical address space of the host (ormachine memory address) and passed to the RDMA capable NIC 180. The RDMAcapable NIC maintains an address translation table and performszero-copy DMA directly from/to the guest physical memory.

The RDMA guest device 160-162 in the hosts provide two functionalities.The RDMA guest device 160-162 provides an interface to the RDMA stack175 and another interface that provides VNIC functionality for the VM.The RDMA guest device 160-162 in some embodiments registers two logicaldevices with the host virtualization software 115, one logical devicethat provides VNIC functionality and one logical device to interfacewith the RDMA stack.

The RDMA guest device 160-162 makes library calls to RDMA guest devicebackend 190 to establish an RDMA connection between the two VMs. TheRDMA guest device 160-162 in the VM 105, that is requesting theestablishment of the connection, is associated with a port such as port145 on the LFE 120. If the port is associated with an overlay network(e.g., the port is associated with a VTEP on a VXLAN network), theinformation related to the overlay network (such as source VTEP IP,source VTEP MAC, source VTEP VLAN, source VTEP maximum total unit (MTU),inner Destination IP, inner destination MAC, destination VTEP IP,destination VTEP MAC, etc.) is pushed through the RDMA stack 175 andRDMA NIC driver 180 to the RDMA NIC 185, which is a hardware NIC. TheRDMA NIC then performs RoCE protocol encapsulation as well as overlaynetwork encapsulation and sends the resulting packets over the overlaynetwork tunnel 125 to the RDMA NIC. 187 connected to the destinationhost 132.

The destination RDMA NIC 187 decapsulates the packets by removing theouter overlay network header and passes the packets to RDMA stack of thedestination host 132 for processing. As described further below, once aconnection is established, any request for RDMA data transfer isperformed directly between the source and destination VMs through thecorresponding RDMA NICs by bypassing the OS and kernels of the sourceand destination hosts.

The RDMA connection creates a logical RDMA connection, which isconceptually shown by a dashed line 195. The RDMA connection is createdbetween the requesting VM 105 and the destination VM 110 to directlytransfer data between the application buffers 197 and 199 of the two VMsthat are identified for the RDMA connection. The physical path totransfer data is through the overlay network. Once the requested dataarrives at the RDMA NIC 185 associated with the requesting VM's host130, the RDMA NIC directly transfers the data into the applicationbuffers 199 identified by the requesting VM 105, bypassing the host andguest operating systems and kernels.

Although the RDMA data transfer protocol is described by reference tothe example of RoCE, a person of ordinary skill in the art will realizethat the same discussions are equally applicable to other RDMA datatransfer protocols such as iWARP, which provides RDMA by layering RDMApayload on top of Data Placement Protocol (DDP) which are in turnencapsulated by Stream Control Transmission Protocol (SCTP) andTransmission Control Protocol (TCP) headers.

I. Enabling Rdma Data Transfer Using an Overlay Network

RoCE is described in this section as an example of an RDMA networkprotocol. RoCE is a network protocol that allows RDMA access over anEthernet network. RoCE provides message transport services directly toan application as opposed to a traditional network, which requires theapplication to use the services of the OS to transfer message packets.

RoCE version 1 is a link layer (i.e., L2) protocol used for RDMA accessbetween hosts that are on the same Ethernet broadcast domain. FIG. 2 isa simplified diagram that shows a selected number of fields for RoCEversion 1 (v1) protocol. Further details describing additional fieldsfor RoCE version 1 are described in “Supplement to InfiniBand™Architecture Specification, Volume 1, Release 1.2.1 Annex A16: RDMA overConverged Ethernet (RoCE)”, InfiniBand™ Trade Association, Apr. 6, 2010,which is incorporated herein by reference.

As shown in FIG. 2, RoCE v1 packet structure 200 includes frame checksequence (FCS) 260, invariant Cyclic Redundancy Code (CRC) 250, RDMApacket payload 205, InfiniBand™ architecture (IBA) transport headers210, global routing header (GRH) 215, a virtual local area network(VLAN) field 225, and Ethernet header 230. The FCS 260 is a CRC that isused to detect any in-transit corruption data of an Ethernet frame. Theinvariant CRC 250 is a CRC error detecting code that covers all fieldsof the packet that are invariant from end to end through all switchesand routers on the network.

The RDMA packet payload 205 is the actual RDMA packet (or message). TheIBA transport headers 210 include the fields such as base transportheader and extended transport header used for IBA transport.

The GRH 215 includes fields used for routing the packet between subnets.The VLAN field 225 is an IEEE 802.1Q tag filed that is used to indicateVLAN membership of the frame's port or the frame's port and protocolcombination depending on the type of VLAN being used. The Ethernetheader 230 includes Ethernet frame fields including source MAC addressand destination MAC address. As can be seen, the Ethernet header 230 inRoCE v1 includes only L2 address and does not allow traversal of L3routers.

In general, RoCE requires a lossless network. With RoCE v1, this isachieved via data center bridging (DCB), which is a set of enhancementsto Ethernet local area networks to use the network in a data centerenvironment. By adding the outer headers, the lossless nature of thenetwork has to be preserved across L3 domain. The L3 lossless feature atthe routers (e.g., differentiated services code point (DSCP) in the IPheader) is used in some embodiments for the outer headers. For instance,some embodiments use assured forwarding (AF) per-hop behavior (PHB)group to provide assurance of delivery. Some of these embodimentsutilize an AF Class 3 such as AF31 in the IP header to provide alossless delivery of packets. The same principle is used for RoCE v2.

FIG. 3 is a simplified diagram that shows a selected number of fieldsfor RoCE version 2 (v2) protocol. Further details describing additionalfields for RoCE version 1 are described in “Supplement to InfiniBand™Architecture Specification, Volume 1, Release 1.2.1 Annex A17: roCEv2”,InfiniBand™ Trade Association, Sep. 2, 2014, which is incorporatedherein by reference.

As shown in FIG. 3, RoCE v2 packet structure 300 includes FCS 260,invariant CRC 250, RDMA packet payload 205, IBA transport headers 210,UDP header 305, IP header 310, a VLAN field 225, and an Ethernet header230. FCS 260, invariant CRC 250, RDMA packet payload 205, IBA transportheaders 210, VLAN field 225, and Ethernet header 230 are similar to thefields described above by reference to FIG. 2.

The GRH field 215 of RoCE v1 is replaced by the UDP header 305 and IPheader 310 in RoCE v2. The IP header 310 allows traversal of IP L3routers. The UDP header 305 serves as a stateless encapsulation layerfor the RDMA packets over IP. As can be seen, the frame formats of FIG.2 and FIG. 3 do not provide support for multi-tenancy, in environmentssuch as software defined data centers (SDDCs) that utilize overlaynetworks to provide multi-tenancy support for host machines that hostVMs for multiple tenants.

An application requesting an RDMA connection creates a work queue pair(QP) that includes a send queue and a receive queue. The destinationapplication also creates a matching QP. Each QP represents the endpointof the channel that connects the two applications for RDMA datatransfer. An application requests RDMA services by posting work requests(WRs) such as posting a send request or a work completion request to awork queue.

In order to establish a connection, the two applications initiallyutilize a special QP (referred to as QP1). Once the connection isestablished, each application uses a dedicated QP that is created andmaintained during the lifetime of the connection.

-   -   A. Programming RDMA NIC with Overlay Network Address Mapping        Information

Some embodiments provide control path changes that include programmingthe RDMA NIC with overlay network address mapping information that isspecific to each RDMA connection. The overlay network address mappinginformation is obtained from the overlay network address tables that aremaintained in overlay network virtualization software. This enables theNIC hardware to generate outer encapsulation header by referencing thehardware table. RDMA NIC in some embodiments registers its overlaynetwork capability with the overlay network software to receive overlaynetwork address notifications and mapping updates.

In some embodiments the RDMA stack programs overlay network mappinginformation into the RDMA NIC during the RDMA connection establishmentphase. The RDMA NIC native device driver is provided with relevantinfrastructure/API to register its overlay network capability with theoverlay network software or RDMA stack. Also, necessary infrastructurein terms of callbacks is provided for the RDMA NIC native device driverto receive overlay network configuration and update information. Acallback is a function that is passed to another function as aparameter. In some embodiments, a callback is provided to associate/bindthe overlay network information with the RDMA NIC device.

In some embodiments, RDMA connection establishment phase utilizes anRDMA-connection manager (RDMA-CM) and involves three broad steps: RDMAaddress resolution, RDMA connect, and RDMA QP creation andconfiguration. The following sections describe how, by making newprogrammatic changes in each of the above connection establishmentsteps, the RDMA NIC is programmed with overlay network information andachieves support for multi-tenancy in some embodiments of the invention.

The following examples use one VM as the requesting VM (or the client)and another VM as the destination VM (or the server). The samediscussions apply to the cases where the client, the server, or both arehosts (instead of VMs). In these cases the destination IP address(instead of referring to a VM IP address) refers to the IP addressconfigured on a kernel VNIC (referred to as vmknic) that is used by thehost to connect to an LFE port to communicate with entities outside thehost kernel. Accordingly, the invention equally applies to RDMAtransfers that involve kernel applications and/or VMs. In either case,the RDMA is performed with the host CPU performing the task of copyingdata from one memory area to another.

-   -   1. RDMA Address Resolution

FIG. 4 conceptually illustrates a process 400 initiated by a requestingVM to perform RDMA address resolution in some embodiments of theinvention. The operations shown above the dashed line 490 are performedby the requesting VM (e.g., by the RDMA guest device 160 shown inFIG. 1) while the operations shown below the line 490 are performed bythe RDMA stack 175 of the source host 130 (i.e., the host of therequesting VM 105).

As shown, when an RDMA client (such as VM 105) initiates an RDMAconnection using RDMA-CM, the client creates (at 405) a uniqueconnection manager identifier (CM_ID). Next, the process sends (at 410)an RDMA address resolution request to the RDMA stack (e.g., to the RDMAguest device backend 190), through the virtual network interfaceassociated with an overlay network. The process then determines (at 415)whether the virtual network interface is associated with an overlaynetwork (e.g., whether the LFE port 145 that is connected to the VM'sRDMA guest device 160 is associated with an overlay network end tunnelsuch as a VXLAN VTEP).

Currently, as done in a prior art virtualized environment, when an RDMAclient initiates connection over a VNIC, the RDMA stack performs addressresolution on its behalf, to obtain the corresponding routinginformation. The RDMA stack then associates/binds this virtual networkinterface and its properties {CM ID, Source IP, Source MAC, Source VLAN,Source MTU} with the RoCE device via a programmatic interface (e.g., abindSourceInfo driver callback). This binding is uniquely identified bythe CM_ID and is in existence during the course of the RDMA connection.The RDMA stack invokes the driver callback to program this informationinto the RDMA NIC. As can be seen, this mechanism does not providesupport for multi-tenancy over an overlay network such as VXLAN whereeach tenant can define its own logical network.

When process 400 determines that the virtual network interface is notassociated with an overlay network, the process performs (at 420)address resolution (as done in prior art) by binding the virtual networkinterface and its properties {CM_ID, Source IP, Source MAC, Source VLAN,Source MTU} with the RDMA NIC without providing multi-tenancy support.The CMD-ID is the unique connection manger identification, source IP,source MAC, source VLAN, and source MTU are the IP address, MAC address,associated VLAN, and the maximum total unit (MTU) of the VTEP associatedwith the VM requesting the RDMA connection. The MTU of a communicationprotocol layer is the size (in bytes) of the largest protocol data unit(PDU) that the layer can pass forward.

Process 400 provides a novel mechanism for providing multi-tenancy forRDMA data transfer when the virtual network interface is associated withan overlay network (e.g., when the LFE port 145 that is connected to theVM's RDMA guest device 160 is associated with an overlay network endtunnel such as a VXLAN VTEP). Specifically, if the process determines(at 415) that the virtual network interface is associated with anoverlay network, the RDMA stack skips any address resolution on itspart. Instead, the RDMA stack relies on the overlay networkvirtualization software as a source for obtaining address mappinginformation. The RDMA stack retrieves (at 425) the associated overlaynetwork address mapping information from the overlay network tablemaintained by the overlay network virtualization software.

FIG. 5 conceptually illustrates the overlay network information tupleobtained by the RDMA stack in some embodiments of the invention. Asshown, for a given source and destination VM IP address for the RDMAconnection, the following address resolution is performed. There are twosteps in address resolution for a given destination IP address:determine local RDMA guest device to use and determine the destinationend tunnel information. The local RDMA guest device is determined basedon the LFE uplink and the paired RDMA guest device. The destination endtunnel information is determined by using address resolution protocol(ARP) to determine the inner destination MAC address (i.e., the Macaddress of the destination VM) and the outer destination end tunnelinformation (e.g., the VXLAN destination VTEP IP and MAC addresses)using the overlay network bridge tables via the overlay networkvirtualization software. The overlay network information for source endtunnel (e.g., the VXLAN source VTEP MAC address, VXLAN source VTEP IPaddress, the source VLAN) is locally stored in overlay address mappingtables maintained by the overlay network software. The requiredinformation for the source end tunnel is retrieved from these tables.

The tuple for the address resolution in some embodiments include:destination end tunnel MAC address 505 (e.g., VXLAN destination VTEP MACaddress), source end tunnel MAC address 510 (e.g., VXLAN source VTEP MACaddress), Ethernet information 515 (e.g., Ethernet type or any otherinformation needed for the Ethernet packets header), source end tunnelIP address 520 (e.g., VXLAN destination VTEP IP address), destinationend tunnel IP address 525 (e.g., VXLAN destination VTEP IP address),source end tunnel VLAN ID 530 (e.g., source VXLAN Network Identifier(VNI)), source MTU 535 (source VTEP MTU), UDP information 540 (e.g., UDPsource port, VXLAN port, etc.).

The tuple 505-540 along with the CM-ID 590 created to establish the RDMAconnection is sent to the RDMA enabled NIC. The RDMA enabled NIC usesthe information to encapsulate the RDMA packets by the headers requiredto transport the packets using the overlay network. The fields shown inFIG. 5 are examples of what may be needed to encapsulate RDMA packets totransport the packets using an overlay network. Depending on theparticular overlay network and the particular network configuration,different embodiments retrieve different information from the overlaynetwork address mapping tables in the host and push them to the RDMAenabled NIC.

Referring back to FIG. 4, process 400 then associates (at 430) the tuple500 with the CM_ID 590 so that it is unique for the current RDMAconnection. The process then saves (at 435) the overlay network addressmapping information and the CM-ID in RDMA stack tables for use duringthe existence of the connection. As described below, the overlay networkaddress mapping information and the CM-ID are used in an address handlestructure for the initial connection datagrams that are used by the RDMAstack in some embodiments. The address handle is an object thatdescribes the path from the local port to the remote port. The addresshandle describes the other end of the RDMA connection used in a QP.

In the OFED™ programming model, the QP connection is established byproviding the address handle. For example, for a “Reliable ConnectionQP”, the QP is modified with the address handle that specifies thedestination global identifier (GID), destination local identifier (LID),and destination MAC address during the connection establishment. This isa one time operation during a reliable connection, which is connectionoriented. In the case of “unreliable datagram (UD) QP”, each workrequest that is sent on a UD queue pair should have an address handlethat specifies the destination GID, LID, destination MAC.

Some embodiments change the address handle to reflect the destinationVTEP information. Other embodiments map the RDMA CM-ID with the addresshandle. CM-ID has the entire tuple (source VTEP and destination VTEP)that can be passed to the RDMA NIC driver. The RDMA NIC driver in someembodiments combines this CM-ID binding information and address handleto encapsulate the packets for a given post send operation. In thereceive path, the RDMA NIC in some embodiments decapulates the outerheaders in addition to inner headers and posts the RDMA payload to thecorresponding QP. However, the RDMA NIC needs to validate the outerheaders and inner headers before posting to the application buffers.

-   -   2. RDMA Connect

FIG. 6 conceptually illustrates a process 600 initiated by a requestingVM (or client) to request an RDMA connection in some embodiments of theinvention. The operations shown above the dashed line 690 are performedby the requesting VM (e.g., by the RDMA guest device 160 shown in FIG.1), the operations shown below the line 695 are performed by the RDMANIC (e.g., RDMA NIC 185), and the operations shown between the lines 690and 695 are performed by the RDMA stack 175 of the source host 130(i.e., the host of the requesting VM 105). As shown, the process sends(at 605) an RDMA connect request to connect to a destination VM using apreviously created CM-ID.

For RDMA connection requests via RDMA-CM, a special QP type, referred toas general service interface (GSI) QP or QP1, is used to send theinitial connection datagrams (referred to as Management Datagram or MAD)to the destination end of the RDMA connection. In some embodiments, newfields are added in the address handle structure that is used by theRDMA virtualization stack. These new fields hold the overlay networkaddress mapping tuple that was computed as described above by referenceto FIG. 4. The RDMA virtualization stack sends down (at 610) the MADbuffer along with the modified address handle structure to the RDMA NIC.

The RDMA NIC then uses (at 615) the overlay network address mappinginformation to encapsulate RDMA datagrams with the overlay network outerheader. Specifically, the RDMA NIC in some embodiments retrieves theCM_ID, source address and overlay network mapping information from theaddress handle structure. The RDMA NIC computes the outer VXLAN headerbased on the modified address handle structure and encapsulate the innerpacket (the connection MAD) with it. The RDMA NIC then sends (at 620)the encapsulated packet out on the virtual network wire to thedestination VM (or server).

FIG. 7 is a simplified diagram that shows a selected number of fieldsfor encapsulating RDMA protocol packets in an overlay network header insome embodiments of the invention. As shown, the encapsulated packetstructure 700 includes RDMA packet 725. The RDMA packet 725, forexample, is a RoCE v1 packet 200 shown in FIG. 2, RoCE v2 packet 300shown in FIG. 3, an iWARP packet, or any other RDMA protocol packet thatis going to be exchanged between two VMs.

The RDMA packet 725 is wrapped in an overlay network header 735 thatincludes the overlay network identification (e.g., a VXLAN header thatinclude the VXLAN ID). This inner frame is further wrapped in a UDPheader 740 (referred to as outer UDP). The result is further wrapped inouter IP header 790, which includes IP address 745 of the destinationend tunnel (e.g., the VXLAN destination VTEP IP address) and the IPaddress 750 of the source end tunnel (e.g., the VXLAN source VTEP IPaddress). The result is further wrapped in an outer Ethernet header 795(which includes outer virtual local area network (VLAN) tag information(e.g., VXLAN tag information) and Ether type 755, the source end tunnelMAC address 760 (e.g., the VXLAN source VTEP MAC address), and thedestination end tunnel MAC address 765) (e.g., the VXLAN destinationVTEP MAC address). Finally, the overlay network encapsulation includesan optional outer FCS 770. By doing the outer wrapping, the overlaynetwork creates a logical network for VMs across different networks. Theoverlay network (e.g., VXLAN) creates a Layer 2 network on top of Layer3 networks. The fields 735-765 and the optional outer FCS 770 are hereinreferred to as the outer header and the encapsulated packet 700 isreferred to as the outer packet.

FIG. 7 is a simplified diagram that shows a selected number of fieldsfor an overlay network encapsulation. For an example of an overlaynetwork, further details describing additional fields for VXLANencapsulation is described in “VXLAN: A Framework for OverlayingVirtualized Layer 2 Networks over Layer 3 Networks”, by M. Mahalingam,et al., Network Working Group, Aug. 26, 2011, which is incorporatedherein by reference. Although this document refers to this selectedfields for simplicity, a person of ordinary skill in the art willrealize that encapsulating packets for overlay networks such as VXLAN,GENEVE, etc., require encapsulating the packets with the entire outerheader of the overlay network.

In FIG. 7, the outer wrap is used to deliver the L2 payload through anL3 network. For instance, the outer source IP source address is the IPaddress of the source VTEP and the outer destination IP address is theIP address of the destination VTEP. The outer source MAC address is theMAC address of the source VTEP and the outer destination MAC address isthe MAC address of the next network entity (such as a router of gateway)on the path from the source VTEP to the destination VTEP.

In some embodiments, the VTEP for VXLAN includes the followingcomponents: A VM kernel component that is part of the LFE and is usedfor VXLAN data path processing, which includes maintenance of forwardingtables; a VM kernel NIC virtual adapter to carry VXLAN traffic, and aVXLAN port group that dictates how VXLAN traffic is carried in and outof the host VTEP through the physical NICs.

The outer IP header 790 allows traversal of IP L3 routers. The UDPheader 740 serves as a stateless encapsulation layer for the RDMApackets over IP, the VLAN field 755 is an IEEE 802.1Q tag filed that isused to indicate VLAN membership of the frame's port or the frame's portand protocol combination depending on the type of VLAN being used.

FIG. 8 conceptually illustrates a process 800 performed when adestination RDMA NIC (e.g., RDMA NIC 187 shown in FIG. 1) receives anRDMA connect request in some embodiments of the invention. Theoperations shown above the dashed line 890 are performed by thedestination VM (e.g., by the RDMA guest device 162 shown in FIG. 1), theoperations shown below the line 895 are performed by the RDMA NIC (e.g.,RDMA NIC 187), and the operations shown between the lines 890 and 895are performed by the RDMA stack 175 of the destination host 132.

As shown, the process receives (at 805) an RDMA connect requestencapsulated in overlay network header from a requesting VM through theoverlay network. For instance, the RDMA NIC on the receiving end of theRDMA connection receives the overlay network encapsulated MAD packet onQP1. The process then removes (at 810) the packet's outer headerrelating to the overlay network. The overlay network information fromthe outer header is consumed and validated (e.g., against the sourceVXLAN/VTEP information in a VXLAN network). The process determines (at815) whether the overlay network information is valid. For instance,whether the incoming VXLAN information matches with the VXLAN for thereceiving VM. If not, the packet is dropped (at 820).

Otherwise, the process (using the receiving RDMA NIC) strips the outeroverlay network header and sends (at 825) the MAD along with the outeroverlay network header information (that is extracted by the RDMA NICfrom the packet) up to the RDMA stack for connection requestacceptance/rejection. The process then reads, by the RDMA stack, thefields from the MAD buffer's address handle structure and learns aboutthe overlay network mapping information. The process then stores (at825) the overlay mapping address of the requested connection. Theprocess receives (at 830) the connection request at the destination VMfor acceptance or rejection.

FIG. 9 conceptually illustrates a process 900 performed to send theacceptance or rejection of an RDMA connection request from a destinationVM to a requesting VM in some embodiments of the invention. Theoperations shown above the dashed line 990 are performed by thedestination VM, the operations shown below the line 995 are performed bythe destination RDMA NIC, and the operations shown between the lines 990and 995 are performed by the RDMA stack of the destination host.

As shown, the connection request is processed (at 905) by thedestination VM. Next, process 900 sends (at 910) the response to theRDMA connection request to RoCE virtualization software.

The RoCE virtualization software has learned the overlay network routinginformation based on operation 825, described above by reference to FIG.8. The process, by the RDMA stack, obtains (at 915) the overlay networkaddress mapping information associated with the CM-ID from theinformation saved in the RDMA stack table during the learning process.While sending the connection accept response via MAD packet on QP1, theRoCE virtualization software on the destination host populates theaddress handle structure with the overlay network mapping table, andsends (at 920) the MAD packet to NIC. The RoCE hardware looks up overlaynetwork information from the address handle structure of the MAD buffer,constructs the outer overlay network header and encapsulates the MADresponse with the overlay network outer header and sends (at 925) thepacket on the Virtual Network.

FIG. 10 conceptually illustrates a process 1000 performed when theacceptance or rejection of an RDMA connection request from a destinationVM is received at a requesting VM in some embodiments of the invention.The operations shown above the dashed line 1090 are performed by the VMrequesting the RDMA connection, the operations shown below the line 1095are performed by the RDMA NIC associated with the requesting VM's host,and the operations shown between the lines 1090 and 1095 are performedby the RDMA stack of the requesting VM's host.

As shown, the process receives (at 1005) the response to the RDMAaddress resolution request at the RDMA NIC from the destination VMthrough the overlay network. The RDMA NIC removes (at 1010) the packet'souter header relating to the overlay network. The overlay networkinformation from the outer header is consumed and validated (e.g.,against the source VXLAN/VTEP information in a VXLAN network). Theprocess determines (at 1015) whether the overlay network information isvalid. If not, the packet is dropped (at 1020).

Otherwise, the process (using the RDMA NIC) strips the outer overlaynetwork header and sends (at 1025) the RDMA connection request responseto the requesting VM. The process then receives and processes (at 1030),by the requesting VM, the response to the RDMA connection request.

-   -   3. RDMA Queue Pair Creation

The RDMA client creates a QP for a connection before the RDMA connect iscompleted. As a part of RDMA connect, the client (e.g., the requestingVM) passes the client connection parameters to the server (e.g., thedestination VM). One of the connection parameters is the QP numberassociated to the created QP. The server receives this connectioninformation. Before the server sends the connection accept, the serverhas created a QP. The server sends the QP number to the client as partof the connection accept.

The initial connection MADs are exchanged over QP1. Once the RDMAconnection is established, the RDMA client and RDMA server use the QPcreated for the connection for carrying the RDMA (e.g. RoCE)traffic/data for that connection. In some embodiments, once a requestfor data queue pair creation comes in, the RDMA stack modifies the queuepair properties. And as part of modifying the queue pair properties, theoverlay network address mapping information is added to the propertiesof the queue pair.

As part of Modify Queue Pair, the properties of the queue pair areprogrammed in the RoCE hardware. The overlay network mapping informationgets associated with this queue pair in the hardware. In other words,once a QP is created for a connection, the QP is modified by the addresshandle of the connection.

FIG. 11 conceptually illustrates a process 1100 performed when a queuepair is created by the VM that has requested the establishment of theRDMA connection in some embodiments of the invention. The operationsshown above the dashed line 1190 are performed by the requesting VM, theoperations shown below the line 1195 are performed by the RDMA NICassociated with the requesting VM's host, and the operations shownbetween the lines 1190 and 1195 are performed by the RDMA stack of therequesting VM's host.

As shown, the process sends (at 1105) the QP create request to create aQP for the connection to the RDMA stack. The process creates (at 1110),by the RDMA stack, a QP that includes the overlay network mappinginformation associated with the connection. The process then sends (at1115) the QP to the RDMA NIC. The process then stores (at 1120), byaddress mapping information included the QP.

FIG. 12 conceptually illustrates a process 1200 performed when a queuepair is created by the destination VM in some embodiments of theinvention. The operations shown above the dashed line 1290 are performedby the destination VM, the operations shown below the line 1295 areperformed by the RDMA NIC associated with the destination VM's host, andthe operations shown between the lines 1290 and 1295 are performed bythe RDMA stack of the destination VM's host.

As shown, the process sends (at 1205) the QP create request to create aQP for the connection to the RDMA stack. In some embodiments, therequesting VM (or the server) creates a QP for an RDMA connection beforea request for an RDMA connection is received. The server then listensfor an RDMA connection request. Once the request for connection isreceived, the process assigns (at 1210) the QP to the requestedconnection. The process then includes (at 1215) the overlay networkmapping information associated with the connection to the QP. Theprocess then sends (at 1220) the QP to the RDMA NIC. The process alsoforks and creates (at 1225) another QP and listens for the next RDMAconnection request. The process also stores (at 1220), by the RDMA NICthe address mapping information included the QP.

-   -   B. RDMA Data Transfer Over the Established Connection

Once the properties of the QP are programmed in the RDMA NIC hardwarewith the overlay network information, any data messages, referred to asWork Requests (WRs) that are sent down on the created QP areencapsulated with relevant overlay network outer headers by the RDMA NIChardware before sending them out on the virtual network wire.

FIG. 13 conceptually illustrates a process 1300 performed for requestingdata transfer using RDMA in some embodiments of the invention. Theoperations shown above the dashed line 1390 are performed by therequesting VM, the operations shown below the line 1395 are performed bythe RDMA NIC associated with the requesting VM's host, and theoperations shown between the lines 1390 and 1395 are performed by theRDMA stack of the requesting VM's host.

As shown, the process sends (at 1305) an RDMA request from therequesting VM to the RDMA NIC. The RDMA request specifies the requestedbuffer in the destination VM as well as the QP created for theconnection. In case of an RDMA write request, the data to write into thedestination VM memory is also included in RDMA request. The process thenuses (at 1315) overlay network address mapping information associatedwith the QP to encapsulate RDMA datagrams with overlay network outerheader. The process then sends (at 1320) the encapsulated RDMA datagramsover the network to the destination VM.

FIG. 14 conceptually illustrates a process 1400 performed to use RDMA towrite data into memory of a destination VM in some embodiments of theinvention. The operations shown above the dashed line 1490 are performedby the destination VM, the operations shown below the line 1495 areperformed by the RDMA NIC associated with the destination VM's host, andthe operations shown between the lines 1490 and 1495 are performed bythe RDMA stack of the destination VM's host.

As shown, the process receives (at 1405) an RDMA request from arequesting VM at the destination RDMA NIC through the overlay network.The RDMA data request specifies the requested buffer in the destinationVM. The process removes (at 1410) the packet's outer header relating tothe overlay network. The overlay network information from the outerheader is consumed and validated (e.g., against the source VXLAN/VTEPinformation in a VXLAN network). The process determines (at 1415)whether the overlay network information is valid. If not, the packet isdropped (at 1420).

Otherwise, the process, by the receiving RDMA NIC, uses (at 1425) thememory region information in the RDMA request to directly write the datareceived in the RDMA packet from the RDMA NIC into the memory buffers ofthe destination VM bypassing the destination host operating system andkernel (i.e., a zero-copy transfer zero-copy transfer). Zero-copy refersto operations in which the central processing unit (CPU) does notperform the task of copying data from one memory area to another.

FIG. 15 conceptually illustrates a process 1500 performed to use RDMA toread data from memory of a destination VM in some embodiments of theinvention. The operations shown above the dashed line 1590 are performedby the destination VM, the operations shown below the line 1595 areperformed by the RDMA NIC associated with the destination VM's host, andthe operations shown between the lines 1590 and 1595 are performed bythe RDMA stack of the destination VM's host.

As shown, the process receives (at 1505) an RDMA request from arequesting VM at the destination RDMA NIC through the overlay network.The RDMA data request specifies the requested buffer in the destinationVM. The process removes (at 1510) the packet's outer header relating tothe overlay network. The overlay network information from the outerheader is consumed and validated (e.g., against the source VXLAN/VTEPinformation in a VXLAN network). The process determines (at 1515)whether the overlay network information is valid. If not, the packet isdropped (at 1520).

Otherwise, the process by the receiving RDMA NIC, uses (at 1525) thememory region information in the RDMA request to directly extract datafrom the destination VM's memory buffers 1580 bypassing the destinationhost operating system and kernel (i.e., performing a zero-copytransfer).

The process then uses the address mapping information associated withthe connection queue pair to encapsulated (at 1530) RDMA datagramscontaining the requested data with the overlay network outer header. Theprocess then sends (at 1535) the encapsulated RDMA datagrams over theoverlay network to the requesting VM.

FIG. 16 conceptually illustrates a process 1600 performed to receive therequested RDMA data from a destination VM at a requesting VM in someembodiments of the invention. The operations shown above the dashed line1690 are performed by the requesting VM, the operations shown below theline 1695 are performed by the RDMA NIC associated with the requestingVM's host, and the operations shown between the lines 1690 and 1695 areperformed by the RDMA stack of the requesting VM's host.

As shown, the process receives (at 1605) one or more datagrams includingthe requested data from the destination VM through the overlay network.The process then removes (at 1610) the packets' outer header relating tothe overlay network. The process then determines (at 1615) whether theoverlay network valid. If not, the process drops (at 1620) the datagram.

Otherwise, the process, by the RDMA NIC, uses (at 1625) the memoryregion information in the RDMA data packets to directly move the datainto the requesting VM's memory buffers 1580.

As can be seen from FIGS. 4, 6, and 8-13, the commands for addressresolution, connection creation, and QP creation are handled through theRDMA stack. As can be seen from FIGS. 14-16, the actual RDMA datatransfer is done directly to/from the VMs' memory buffers and the RDMANICs bypassing the operating system kernels of the host and guestsoperating systems.

II. Electronic System

Many of the above-described features and applications are implemented assoftware processes that are specified as a set of instructions recordedon a computer readable storage medium (also referred to as computerreadable medium). When these instructions are executed by one or moreprocessing unit(s) (e.g., one or more processors, cores of processors,or other processing units), they cause the processing unit(s) to performthe actions indicated in the instructions. Examples of computer readablemedia include, but are not limited to, CD-ROMs, flash drives, RAM chips,hard drives, EPROMs, etc. The computer readable media does not includecarrier waves and electronic signals passing wirelessly or over wiredconnections.

In this specification, the term “software” is meant to include firmwareresiding in read-only memory or applications stored in magnetic storage,which can be read into memory for processing by a processor. Also, insome embodiments, multiple software inventions can be implemented assub-parts of a larger program while remaining distinct softwareinventions. In some embodiments, multiple software inventions can alsobe implemented as separate programs. Finally, any combination ofseparate programs that together implement a software invention describedhere is within the scope of the invention. In some embodiments, thesoftware programs, when installed to operate on one or more electronicsystems, define one or more specific machine implementations thatexecute and perform the operations of the software programs.

FIG. 17 conceptually illustrates an electronic system 1700 with whichsome embodiments of the invention are implemented. The electronic system1700 can be used to execute any of the control, virtualization, oroperating system applications described above. The electronic system1700 may be a computer (e.g., a desktop computer, personal computer,tablet computer, server computer, mainframe, a blade computer etc.),phone, PDA, or any other sort of electronic device. Such an electronicsystem includes various types of computer readable media and interfacesfor various other types of computer readable media. Electronic system1700 includes a bus 1705, processing unit(s) 1710, a system memory 1720,a read-only memory (ROM) 1730, a permanent storage device 1735, inputdevices 1740, and output devices 1745.

The bus 1705 collectively represents all system, peripheral, and chipsetbuses that communicatively connect the numerous internal devices of theelectronic system 1700. For instance, the bus 1705 communicativelyconnects the processing unit(s) 1710 with the read-only memory 1730, thesystem memory 1720, and the permanent storage device 1735.

From these various memory units, the processing unit(s) 1710 retrieveinstructions to execute and data to process in order to execute theprocesses of the invention. The processing unit(s) may be a singleprocessor or a multi-core processor in different embodiments.

The read-only-memory 1730 stores static data and instructions that areneeded by the processing unit(s) 1710 and other modules of theelectronic system. The permanent storage device 1735, on the other hand,is a read-and-write memory device. This device is a non-volatile memoryunit that stores instructions and data even when the electronic system1700 is off. Some embodiments of the invention use a mass-storage device(such as a magnetic or optical disk and its corresponding disk drive) asthe permanent storage device 1735.

Other embodiments use a removable storage device (such as a floppy disk,flash drive, etc.) as the permanent storage device. Like the permanentstorage device 1735, the system memory 1720 is a read-and-write memorydevice. However, unlike storage device 1735, the system memory is avolatile read-and-write memory, such a random access memory. The systemmemory stores some of the instructions and data that the processor needsat runtime. In some embodiments, the invention's processes are stored inthe system memory 1720, the permanent storage device 1735, and/or theread-only memory 1730. From these various memory units, the processingunit(s) 1710 retrieve instructions to execute and data to process inorder to execute the processes of some embodiments.

The bus 1705 also connects to the input and output devices 1740 and1745. The input devices enable the user to communicate information andselect commands to the electronic system. The input devices 1740 includealphanumeric keyboards and pointing devices (also called “cursor controldevices”). The output devices 1745 display images generated by theelectronic system. The output devices include printers and displaydevices, such as cathode ray tubes (CRT) or liquid crystal displays(LCD). Some embodiments include devices such as a touchscreen thatfunction as both input and output devices.

Finally, as shown in FIG. 17, bus 1705 also couples electronic system1700 to a network 1725 through a network adapter (not shown). In thismanner, the computer can be a part of a network of computers (such as alocal area network (“LAN”), a wide area network (“WAN”), or an Intranet,or a network of networks, such as the Internet. Any or all components ofelectronic system 1700 may be used in conjunction with the invention.

Some embodiments include electronic components, such as microprocessors,storage and memory that store computer program instructions in amachine-readable or computer-readable medium (alternatively referred toas computer-readable storage media, machine-readable media, ormachine-readable storage media). Some examples of such computer-readablemedia include RAM, ROM, read-only compact discs (CD-ROM), recordablecompact discs (CD-R), rewritable compact discs (CD-RW), read-onlydigital versatile discs (e.g., DVD-ROM, dual-layer DVD-ROM), a varietyof recordable/rewritable DVDs (e.g., DVD-RAM, DVD-RW, DVD+RW, etc.),flash memory (e.g., SD cards, mini-SD cards, micro-SD cards, etc.),magnetic and/or solid state hard drives, read-only and recordableBlu-Ray® discs, ultra density optical discs, any other optical ormagnetic media, and floppy disks. The computer-readable media may storea computer program that is executable by at least one processing unitand includes sets of instructions for performing various operations.Examples of computer programs or computer code include machine code,such as is produced by a compiler, and files including higher-level codethat are executed by a computer, an electronic component, or amicroprocessor using an interpreter.

While the above discussion primarily refers to microprocessor ormulti-core processors that execute software, some embodiments areperformed by one or more integrated circuits, such as applicationspecific integrated circuits (ASICs) or field programmable gate arrays(FPGAs). In some embodiments, such integrated circuits executeinstructions that are stored on the circuit itself.

As used in this specification, the terms “computer”, “server”,“processor”, and “memory” all refer to electronic or other technologicaldevices. These terms exclude people or groups of people. For thepurposes of the specification, the terms display or displaying meansdisplaying on an electronic device. As used in this specification, theterms “computer readable medium,” “computer readable media,” and“machine readable medium” are entirely restricted to tangible, physicalobjects that store information in a form that is readable by a computer.These terms exclude any wireless signals, wired download signals, andany other ephemeral or transitory signals.

While the invention has been described with reference to numerousspecific details, one of ordinary skill in the art will recognize thatthe invention can be embodied in other specific forms without departingfrom the spirit of the invention. In addition, a number of the figures(including FIGS. 4, 6, and 8-15) conceptually illustrate processes. Thespecific operations of these processes may not be performed in the exactorder shown and described. The specific operations may not be performedin one continuous series of operations, and different specificoperations may be performed in different embodiments. Furthermore, theprocess could be implemented using several sub-processes, or as part ofa larger macro process.

This specification refers throughout to computational and networkenvironments that include virtual machines (VMs). However, virtualmachines are merely one example of data compute nodes (DCNs) or datacompute end nodes, also referred to as addressable nodes. DCNs mayinclude non-virtualized physical hosts, virtual machines, containersthat run on top of a host operating system without the need for ahypervisor or separate operating system, and hypervisor kernel networkinterface modules.

VMs, in some embodiments, operate with their own guest operating systemson a host using resources of the host virtualized by virtualizationsoftware (e.g., a hypervisor, virtual machine monitor, etc.). The tenant(i.e., the owner of the VM) can choose which applications to operate ontop of the guest operating system. Some containers, on the other hand,are constructs that run on top of a host operating system without theneed for a hypervisor or separate guest operating system. In someembodiments, the host operating system uses name spaces to isolate thecontainers from each other and therefore provides operating-system levelsegregation of the different groups of applications that operate withindifferent containers. This segregation is akin to the VM segregationthat is offered in hypervisor-virtualized environments that virtualizesystem hardware, and thus can be viewed as a form of virtualization thatisolates different groups of applications that operate in differentcontainers. Such containers are more lightweight than VMs.

Hypervisor kernel network interface module, in some embodiments, is anon-VM DCN that includes a network stack with a hypervisor kernelnetwork interface and receive/transmit threads. One example of ahypervisor kernel network interface module is the vmknic module that ispart of the ESXi™ hypervisor of VMware, Inc.

One of ordinary skill in the art will recognize that while thespecification refers to VMs, the examples given could be any type ofDCNs, including physical hosts, VMs, non-VM containers, and hypervisorkernel network interface modules. In fact, the example networks couldinclude combinations of different types of DCNs in some embodiments.

In view of the foregoing, one of ordinary skill in the art wouldunderstand that the invention is not to be limited by the foregoingillustrative details, but rather is to be defined by the appendedclaims.

1-20. (canceled)
 21. A method for providing multi-tenancy support forremote direct memory access (RDMA) in a system comprising a plurality ofphysical hosts, each physical host hosting a set of data compute nodes(DCNs), the method comprising: at an RDMA protocol stack of a firstphysical host: receiving a packet comprising a request from a first DCNhosted on the first physical host for RDMA data transfer from a secondDCN hosted on a second physical host; and sending a set of parameters ofan overlay network associated with the first DCN from the RDMA protocolstack to a physical RDMA network interface controller (NIC) of the firstphysical host; the physical RDMA NIC encapsulating the packet with (i)an RDMA data transfer header and (ii) an overlay network header usingthe set of parameters of the overlay network and transferring theencapsulated packet to the second physical host using the overlaynetwork.
 22. The method of claim 21, wherein the first physical hostcomprises virtualization software comprising a logical forwardingelement (LFE), wherein the first DCN is connected to a port of the LFEthrough a virtual NIC, the method further comprising: determining saidport of the LFE is associated with a first tunnel endpoint of theoverlay network; and determining said set of parameters of the overlaynetwork from a set of parameters of the first tunnel endpoint and a setof parameters of a second tunnel end point associated with the secondDCN.
 23. The method of claim 21 further comprising: receiving RDMA datafrom the second DCN at the physical RDMA NIC; and directly inserting theRDMA data from the physical RDMA NIC into a memory buffer of the firstDCN bypassing an operating system of the first physical host and avirtualization software of the first physical host.
 24. The method ofclaim 21, wherein the first DC and the second DCN are associated withdifferent Internet Protocol (IP) addresses.
 25. The method of claim 24further comprising encapsulating the packet with a user datagramprotocol (UDP) header and an IP header comprising an IP address of thefirst DCN and an IP address of the second DCN.
 26. The method of claim21 further comprising: prior to requesting the RDMA data transfer,creating a unique connection identifier for an RDMA connection betweenthe first and second DCNs; and establishing the RDMA connection betweenthe first and second DCNs.
 27. The method of claim 26 furthercomprising: creating a first queue pair by the RDMA protocol stack ofthe first physical host and a second queue pair by an RDMA protocolstack of the second physical host, each queue pair comprising a sendqueue and a receive queue; and associating the set of parameters of theoverlay network with the first and second queue pairs.
 28. The method ofclaim 21, wherein at least one of the DCNs is a virtual machine (VM) andwherein the LFE is a virtual switch.
 29. The method of claim 21, whereinthe overlay network is a virtual extensible local area network (VXLAN).30. The method of claim 21, wherein the RDMA data transfer protocol isone of RDMA over Converged Ethernet (RoCE) and Internet Wide Area RDMAProtocol (iWARP).
 31. A non-transitory machine readable medium storing aprogram for providing multi-tenancy support for remote direct memoryaccess (RDMA) in a system comprising a plurality of physical hosts, eachphysical host hosting a set of data compute nodes (DCNs), the programcomprising sets of instructions for: receiving, at an RDMA protocolstack of a first physical host, a packet comprising a request from afirst DCN hosted on the first physical host for RDMA data transfer froma second DCN hosted on a second physical host; and sending a set ofparameters of an overlay network associated with the first DCN from theRDMA protocol stack to a physical RDMA network interface controller(NIC) of the first physical host; the physical RDMA NIC encapsulatingthe packet with (i) an RDMA data transfer header and (ii) an overlaynetwork header using the set of parameters of the overlay network andtransferring the encapsulated packet to the second physical host usingthe overlay network.
 32. The non-transitory machine readable medium ofclaim 31, wherein the first physical host comprises virtualizationsoftware comprising a logical forwarding element (LFE), wherein thefirst DCN is connected to a port of the LFE through a virtual NIC, theprogram further comprising sets of instructions for: determining saidport of the LFE is associated with a first tunnel endpoint of theoverlay network; and determining said set of parameters of the overlaynetwork from a set of parameters of the first tunnel endpoint and a setof parameters of a second tunnel end point associated with the secondDCN.
 33. The non-transitory machine readable medium of claim 31, theprogram further comprising sets of instructions for: receiving RDMA datafrom the second DCN at the physical RDMA NIC; and directly inserting theRDMA data from the physical RDMA NIC into a memory buffer of the firstDCN bypassing an operating system of the first physical host and avirtualization software of the first physical host.
 34. Thenon-transitory machine readable medium of claim 31, wherein the firstDCN and the second DCN are associated with different Internet Protocol(IP) addresses.
 35. The non-transitory machine readable medium of claim34, the program further comprising a set of instructions forencapsulating the packet with a user datagram protocol (UDP) header andan IP header comprising an IP address of the first DCN and an IP addressof the second DCN.
 36. The non-transitory machine readable medium ofclaim 31, the program further comprising sets of instructions for: priorto requesting the RDMA data transfer, creating a unique connectionidentifier for an RDMA connection between the first and second DCNs; andestablishing the RDMA connection between the first and second DCNs. 37.The non-transitory machine readable medium of claim 36, the programfurther comprising sets of instructions for: creating a first queue pairby the RDMA protocol stack of the first physical host and a second queuepair by an RDMA protocol stack of the second physical host, each queuepair comprising a send queue and a receive queue; and associating theset of parameters of the overlay network with the first and second queuepairs.
 38. The non-transitory machine readable medium of claim 31,wherein at least one of the DCNs is a virtual machine (VM) and whereinthe LFE is a virtual switch.
 39. The non-transitory machine readablemedium of claim 31, wherein the overlay network is a virtual extensiblelocal area network (VXLAN).
 40. The non-transitory machine readablemedium of claim 31, wherein the RDMA data transfer protocol is one ofRDMA over Converged Ethernet (RoCE) and Internet Wide Area RDMA Protocol(iWARP).